
Bug 249209 - Hint concerning access to superglobals is shown when a value is assigned to them
Status: NEW
Alias: None
Product: php
Classification: Unclassified
Component: Editor
Version: 8.0.1
Hardware: PC Linux
Importance: P4 normal
Assignee: Ondrej Brejla
Reported: 2014-12-08 19:29 UTC by AndreasBuck
Modified: 2015-02-06 22:18 UTC
Issue Type: ENHANCEMENT

Description AndreasBuck 2014-12-08 19:29:15 UTC
"Do not Access Superglobal $_POST Array Directly.

Use some filtering functions instead (e.g. filter_input(), conditions with is_*() functions, etc.)"

This hint also appears if $_POST is being assigned:
$_POST = $postData;

In my concrete case this is used to prepare the environment for a PHPUnit test case. I believe the hint is not appropriate in this situation.
Comment 1 tilmanj 2015-02-06 21:45:06 UTC
(In reply to AndreasBuck from comment #0)
> "Do not Access Superglobal $_POST Array Directly.
> 
> Use some filtering functions instead (e.g. filter_input(), conditions with
> is_*() functions, etc.)"
> 
> This hint also appears if $_POST is being assigned:
> $_POST = $postData;
> 
> In my concrete case this is used to prepare the environment for a PHPUnit
> test case. I believe the hint is not appropriate in this situation.

You have to use filter functions like:
- filter_input_array
- htmlentities
- mysql_real_escape_string

I'm annoyed that the warning is still showing up when using: isset(), is_null(), empty() since I'm sticking to the comment.
Comment 2 AndreasBuck 2015-02-06 22:18:34 UTC
My concern is that assigning the variable should not give a warning about accessing it, which in this case I don't. Or did I get the concept wrong?

To me it seems reasonable to get the warning if I do something like this:
$useInput = $_POST['input'];
As it clearly is dangerous to just do that without performing any checking as proposed by the hint. I also feel that it is correct that isset(), is_null() or empty() aren't considered as a solution in this case as this only checks that there is a value but not what it is. As in, whether it is dangerous to be used.

It seems unnecessary though to apply the same hint to this case:
$_POST = $dummyArrayValue; // for unit testing
As I just found out, the hint is actually not shown if I would instead do this:
$_POST['value'] = $dummyValue; // for unit testing
Which appears like an inconsistency and makes me believe even more that the initial intention was not to show the hint on assignment.
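
Added example, not part of the bug report or its comments: a handler that validates request data with filter_var_array(), exercised by the kind of test setup the report describes, where $_POST is only assigned. The function name parseOrderInput(), the field names and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handler (an assumption, not from the report): it validates the
// request array it is given instead of using raw superglobal values.
function parseOrderInput(array $post): array
{
    $spec = [
        'quantity' => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 1, 'max_range' => 100],
        ],
        'email' => FILTER_VALIDATE_EMAIL,
    ];
    // Missing keys come back as null, values that fail validation as false.
    $clean = filter_var_array($post, $spec);
    foreach ($clean as $field => $value) {
        if ($value === null || $value === false) {
            throw new InvalidArgumentException("invalid or missing field: $field");
        }
    }
    return $clean;
}

// Test-style setup as in the report: $_POST is written, not read unchecked.
// Note that filter_input(INPUT_POST, ...) reads the original request data and
// does not see this assignment, so the handler takes the array as a parameter.
$_POST = ['quantity' => '3', 'email' => 'user@example.com']; // constructed sample
$order = parseOrderInput($_POST);
if ($order !== ['quantity' => 3, 'email' => 'user@example.com']) {
    throw new RuntimeException('valid input was not normalised as expected');
}

// A value that is set but not acceptable: isset() or empty() alone would pass it.
$_POST = ['quantity' => 'abc', 'email' => 'user@example.com']; // constructed sample
try {
    parseOrderInput($_POST);
    throw new RuntimeException('invalid quantity was accepted');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo 'ok', PHP_EOL;
```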